1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Candidate: CVE-2011-4459
PublicDate: 2012-06-04
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4459
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html
Description:
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not
properly disable groups, which allows remote authenticated users to bypass
intended access restrictions in opportunistic circumstances by leveraging a
group membership.
Ubuntu-Description:
Notes:
jdstrand> regressions found in DSA-2480 (see bugs)
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674522
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674558
https://bugs.launchpad.net/bugs/1004835
Priority: low
Discovered-by:
Assigned-to:
Patches_request-tracker4:
vendor: http://www.debian.org/security/2012/dsa-2480
upstream_request-tracker4: released (4.0.5-3)
hardy_request-tracker4: DNE
lucid_request-tracker4: DNE
natty_request-tracker4: DNE
oneiric_request-tracker4: ignored (reached end-of-life)
precise_request-tracker4: ignored (reached end-of-life)
precise/esm_request-tracker4: DNE (precise was needs-triage)
quantal_request-tracker4: not-affected (4.0.5-3)
raring_request-tracker4: not-affected (4.0.5-3)
saucy_request-tracker4: not-affected (4.0.5-3)
trusty_request-tracker4: not-affected (4.0.5-3)
utopic_request-tracker4: not-affected (4.0.5-3)
vivid_request-tracker4: not-affected (4.0.5-3)
vivid/stable-phone-overlay_request-tracker4: DNE
vivid/ubuntu-core_request-tracker4: DNE
wily_request-tracker4: not-affected (4.0.5-3)
xenial_request-tracker4: not-affected (4.0.5-3)
yakkety_request-tracker4: not-affected (4.0.5-3)
zesty_request-tracker4: not-affected (4.0.5-3)
devel_request-tracker4: not-affected (4.0.5-3)
Patches_request-tracker3.8:
upstream_request-tracker3.8: needs-triage
hardy_request-tracker3.8: DNE
lucid_request-tracker3.8: ignored (reached end-of-life)
natty_request-tracker3.8: ignored (reached end-of-life)
oneiric_request-tracker3.8: ignored (reached end-of-life)
precise_request-tracker3.8: ignored (reached end-of-life)
precise/esm_request-tracker3.8: DNE (precise was needs-triage)
quantal_request-tracker3.8: DNE
raring_request-tracker3.8: DNE
saucy_request-tracker3.8: DNE
trusty_request-tracker3.8: DNE
utopic_request-tracker3.8: DNE
vivid_request-tracker3.8: DNE
vivid/stable-phone-overlay_request-tracker3.8: DNE
vivid/ubuntu-core_request-tracker3.8: DNE
wily_request-tracker3.8: DNE
xenial_request-tracker3.8: DNE
yakkety_request-tracker3.8: DNE
zesty_request-tracker3.8: DNE
devel_request-tracker3.8: DNE
Patches_request-tracker3.6:
upstream_request-tracker3.6: needs-triage
hardy_request-tracker3.6: ignored (reached end-of-life)
lucid_request-tracker3.6: DNE
natty_request-tracker3.6: DNE
oneiric_request-tracker3.6: DNE
precise_request-tracker3.6: DNE
precise/esm_request-tracker3.6: DNE
quantal_request-tracker3.6: DNE
raring_request-tracker3.6: DNE
saucy_request-tracker3.6: DNE
trusty_request-tracker3.6: DNE
utopic_request-tracker3.6: DNE
vivid_request-tracker3.6: DNE
vivid/stable-phone-overlay_request-tracker3.6: DNE
vivid/ubuntu-core_request-tracker3.6: DNE
wily_request-tracker3.6: DNE
xenial_request-tracker3.6: DNE
yakkety_request-tracker3.6: DNE
zesty_request-tracker3.6: DNE
devel_request-tracker3.6: DNE
Patches_rt:
upstream_rt: needs-triage
hardy_rt: DNE
lucid_rt: DNE
natty_rt: DNE
oneiric_rt: DNE
precise_rt: DNE
precise/esm_rt: DNE
quantal_rt: DNE
raring_rt: DNE
saucy_rt: DNE
trusty_rt: DNE
utopic_rt: DNE
vivid_rt: DNE
vivid/stable-phone-overlay_rt: DNE
vivid/ubuntu-core_rt: DNE
wily_rt: DNE
xenial_rt: DNE
yakkety_rt: DNE
zesty_rt: DNE
devel_rt: DNE
|